[systemd-devel] Hiding systemd-cryptsetup password prompt
Sergio Arroutbi
sarroutb at redhat.com
Wed Jun 5 13:36:37 UTC 2024
Hello. I have tried with headless=yes. The issue with this is that
systemd-cryptsetup ends, so I can not provide the password for decryption
through socket provided in /run/systemd/ask-password/sck.numbers

I miss an option where systemd-cryptsetup is executed headless, but
continues running, without exiting.

I have tried with keyfile=/dev/urandom and option=keyfile-size=600000, but
it is too quick. I also tried try-empty-password, but this is tried only
once.

I am running out of ideas.

On Tue, Jun 4, 2024 at 6:24 PM Luca Boccassi <luca.boccassi at gmail.com> wrote:
> Add headless=yes to the crypttab entry for the device you want to
> avoid interactive passwords prompt for
>
> On Tue, 4 Jun 2024 at 17:22, Sergio Arroutbi <sarroutb at redhat.com> wrote:
> >
> > Hello Lennart. Thanks for your quick response.
> >
> > This option will disable all password prompt ... hiding also our calls
> > to systemd-ask-password ... is it possible to discard systemd-cryptsetup
> > one specifically?
> >
> > On Tue, Jun 4, 2024 at 2:52 PM Lennart Poettering <lennart at poettering.net> wrote:
> >>
> >> On Di, 04.06.24 13:08, Sergio Arroutbi (sarroutb at redhat.com) wrote:
> >>
> >> > Hello.
> >> >
> >> > We are implementing a feature related to PKCS#11 that, when some conditions
> >> > are met (mostly that PKCS11 PIN has not been stored in configuration and
> >> > input to our systemd unit), requires systemd-cryptsetup service password
> >> > prompt to be hidden from TTY and executed only listening to password
> >> > provided by the socket defined in
> >> > https://systemd.io/PASSWORD_AGENTS/
> >>
> >> The boot-time password prompt on the TTY is just an agent too. Mask it
> >> via "systemctl mask systemd-ask-password-console.service".
> >>
> >> Lennart
> >>
> >> --
> >> Lennart Poettering, Berlin
> >>
> >
> >
> > --
> > Sergio Arroutbi Braojos
> > Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
> > Red Hat
>
>
--
Sergio Arroutbi Braojos
Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
Red Hat <http://redhat.com>
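
A minimal agent for the protocol at https://systemd.io/PASSWORD_AGENTS/ that the thread refers to, as an added example that is not part of the original messages or of systemd: it reads the ask.* request files, skips timed-out requests, and sends a '+'-prefixed datagram only to requests whose Id matches a prefix. The function names and the values in SAMPLE (including the Id) are assumptions constructed for the illustration.

```python
# Added illustration; helper names are hypothetical, not systemd code.
import configparser
import os
import socket
import time

# Constructed sample of an ask.* request file (values are made up).
SAMPLE = """[Ask]
PID=4242
Socket=/run/systemd/ask-password/sck.constructed
NotAfter=0
Message=Please enter passphrase for disk (constructed)
Id=cryptsetup:/dev/constructed
"""

def parse_ask(text):
    """Parse the [Ask] section of one request file into a dict."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' may appear in Message
    cp.optionxform = str  # keep key case (Socket, NotAfter, Id)
    cp.read_string(text)
    ask = cp["Ask"]
    return {"socket": ask.get("Socket"),
            "not_after": ask.getint("NotAfter", fallback=0),  # CLOCK_MONOTONIC, usec
            "message": ask.get("Message", fallback=""),
            "id": ask.get("Id", fallback="")}

def is_pending(req, now_usec=None):
    """True if the request names a socket and has not timed out (0 = no timeout)."""
    if now_usec is None:
        now_usec = int(time.clock_gettime(time.CLOCK_MONOTONIC) * 1_000_000)
    return bool(req["socket"]) and (
        req["not_after"] == 0 or now_usec <= req["not_after"])

def answer_matching(ask_dir, id_prefix, secret):
    """Reply to pending requests whose Id starts with id_prefix; return their Ids."""
    answered = []
    for name in sorted(os.listdir(ask_dir)):
        if not name.startswith("ask."):
            continue  # sck.* sockets and temporary files are not requests
        with open(os.path.join(ask_dir, name)) as f:
            req = parse_ask(f.read())
        if is_pending(req) and req["id"].startswith(id_prefix):
            with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
                s.sendto(b"+" + secret, req["socket"])  # '+' marks a successful entry
            answered.append(req["id"])
    return answered
```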